I own a lot of websites and many of these websites use WordPress. WordPress is by far the most widely used content management system (CMS) available online. But it is also the most popular target for hackers. That is why I believe that the Limit Login Attempts plugin is one of the most important plugins that all sites running WordPress should install.
This plugin limits the number of login attempts possible, both through the normal login page and through auth cookies. By default, WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
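The retry limit described above, modelled in Python as an added example; it is not the plugin's own code. The class name, the three limit values, the channel labels and the event list are assumptions made up for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LoginLimiter:
    # All three values are assumptions for this example, not the plugin's settings.
    max_retries: int = 4            # failed attempts allowed before a lockout
    retry_window: int = 12 * 3600   # seconds after which the failure count resets
    lockout_secs: int = 20 * 60     # how long a locked-out address stays blocked
    fails: dict = field(default_factory=dict)    # addr -> (count, time of first failure)
    locked: dict = field(default_factory=dict)   # addr -> time the lockout expires
    log: list = field(default_factory=list)      # (addr, channel, time) per lockout

    def is_locked(self, addr, now):
        until = self.locked.get(addr)
        if until is None:
            return False
        if now >= until:             # lockout has expired
            del self.locked[addr]
            return False
        return True

    def attempt(self, addr, ok, now, channel):
        """channel is 'login_form' or 'auth_cookie'; both feed one counter per address."""
        if self.is_locked(addr, now):
            return "blocked"         # credentials are not even checked
        if ok:
            return "ok"              # assumption: success leaves the counter untouched
        count, first = self.fails.get(addr, (0, now))
        if now - first > self.retry_window:
            count, first = 0, now    # old failures have aged out
        count += 1
        if count >= self.max_retries:
            self.locked[addr] = now + self.lockout_secs
            self.fails.pop(addr, None)
            self.log.append((addr, channel, now))
        else:
            self.fails[addr] = (count, first)
        return "failed"

# Constructed events: (time in seconds, address, credentials valid?, channel)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False, "login_form"), (5, "203.0.113.7", False, "login_form"),
    (10, "203.0.113.7", False, "auth_cookie"), (15, "203.0.113.7", False, "auth_cookie"),
    (20, "203.0.113.7", True, "login_form"),    # valid password, but address is locked out
    (25, "198.51.100.20", True, "login_form"),  # a different address is unaffected
    (1215, "203.0.113.7", True, "login_form"),  # lockout expired 20 minutes later
]

def replay(events, limiter=None):
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(a, ok, t, ch) for t, a, ok, ch in events], limiter.log

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Because the limit is keyed on the address, the fifth event is refused even though its password is correct, while the other address logs in normally.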
Now, we all know that security is not a sexy topic and nobody cares about security… until their site gets hacked or attacked. That is why security is something that needs to be taken seriously. On one of my sites, this plugin has successfully blocked over 2,000 login attempts. The plugin is easy to install and can be used out of the box without reconfiguring the default settings. I’ve found this is one of the easiest ways to prevent a brute-force attack and is a great alternative to other security plugins that alter the WordPress core. I use this plugin on all my sites. Seriously, I don’t understand why this stuff has not been moved into WordPress core.
If you happen to have a website that runs on WordPress, then you absolutely need to install this plugin. I am surprised at how many invalid login attempts happened on my various websites. (I guess hackers just have nothing better to do…) Folks, this plugin is really awesome!!! This is an absolute must-have plugin that works flawlessly.